Terrapin Attack: Breaking SSH Channel Integrity by Sequence Number Manipulation
Unknown
Black Hat USA 2024 · Day 1 · Briefing
This talk introduces the **Terrapin Attack**, a novel prefix truncation attack that compromises the integrity of the Secure Shell (SSH) protocol's encrypted channel. Presented at Black Hat USA, the research behind this attack was published by the speaker and their colleagues, Marcus Brinkmann and Jörg Schwenk, at the USENIX Security Symposium. The Terrapin Attack exploits vulnerabilities in the SSH handshake when specific modern encryption modes, namely **ChaCha20-Poly1305** and **AES-GCM**, are used. By manipulating sequence numbers during the key exchange, a man-in-the-middle (MITM) attacker can effectively remove an arbitrary number of messages from the beginning of the secure channel without detection, leading to severe consequences such as authentication bypass or a downgrade of the connection's security features.